Question 1

An e-commerce company has identified risks related to customer data privacy. As part of the risk treatment plan, the risk manager has recommended encrypting sensitive customer data. What factor is crucial for the successful implementation of this corrective action?

Options :

A : The impact of data encryption on system performance and the balance between security and usability.

B : Implementing data encryption as a one-time activity without future reviews or updates.

C : The encryption method-s popularity among other e-commerce companies.

D : Choosing encryption software based solely on the lowest cost option.

Answer: A

Question 2

A government agency is implementing a risk management program. What factor should be emphasized in the risk management method to align with public sector requirements?

Options :

A : Emphasizing only the risks related to the agency-s internal IT systems, ignoring external factors.

B : Focusing solely on risks that have a direct financial impact and ignoring other types of risks.

C : Adopting a method that is exclusively used in the private sector without any adaptation.

D : Prioritizing the protection of public data and continuity of government services in the risk management method.

Answer: D

Question 3

A university is facing risks associated with the unauthorized disclosure of confidential research data. They are considering encrypting all research data, restricting data access to a few key researchers, regularly auditing data access, or a combination of these measures. Which option aligns best with ISO/IEC 27005's guidance on proportionate and effective risk treatment?

Options :

A : Encrypting all research data.

B : A combination of encrypting data, restricting access, and regular audits.

C : Restricting data access to a few key researchers.

D : Regularly auditing data access.

Answer: B

Question 4

An online retailer is assessing the risk of a distributed denial of service (DDoS) attack during its major sale event. In ISO/IEC 27005 terms, what would 'consequence' refer to in this risk assessment?

Options :

A : The probability of a DDoS attack occurring during the sale event.

B : The technical methods used by attackers to initiate a DDoS attack.

C : The cost of implementing additional security measures to prevent DDoS attacks.

D : The impact on sales and customer trust if a DDoS attack occurs.

Answer: D

Question 5

A university is assessing risks associated with its academic and administrative operations. Why is it important for the risk manager to understand these operations?

Options :

A : It is sufficient for the risk manager to focus only on external risks, such as market competition.

B : So the risk manager can assume the responsibilities of academic and administrative staff.

C : Understanding these operations is necessary to identify risks impacting academic integrity, data privacy, and operational efficiency.

D : The risk manager should only be concerned with risks in the university-s IT infrastructure.

Answer: C

Higher Test Marks with Free Online ISO-27005-LRM Exam Practice

Buying Options: